Malicious PDF — malware analysis report

Static analysis result for SHA-256 6121c203664d8b37…

MALICIOUS

PDF

Size: 17.0 KB
Created: 2019-04-30 08:12:07 +01:00
Authoring application: mPDF 5.7
MD5: 8a2feaa6d855cb9ad804250e8ac8023f
SHA-1: 043990c8829d5e90ee63d2f40cc9120ed586d9fc
SHA-256: 6121c203664d8b37e21f406461d73a8759245732ceecd600e580063e51164ecf
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded external links, identified as a link farm. While the document body is unreadable, the heuristic 'PDF_SEO_LINK_FARM' strongly suggests the document's purpose is to drive traffic to these external URLs. The presence of a 'SE_DOWNLOAD_BUTTON' heuristic further indicates a deceptive call-to-action, likely to encourage clicks on these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics (3)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Visual download / call-to-action button lure (severity: low, rule: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.